The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly, open-access, peer-reviewed journal that publishes articles contributing new results in all areas of computer network security and its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. Its goal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and on establishing new collaborations in these areas.
Top cited Network Security Articles - Part 1
International Journal of Network Security & Its Applications (IJNSA)
ISSN 0974 - 9330 (Online); 0975 - 2307 (Print)
http://airccse.org/journal/ijnsa.html
Citation Count – 51
The Internet of Things: New Interoperability, Management and Security Challenges
Mahmoud Elkhodr, Seyed Shahrestani and Hon Cheung
School of Computing, Engineering and Mathematics, Western Sydney University, Sydney, Australia
ABSTRACT
The Internet of Things (IoT) brings connectivity to about every object found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
KEYWORDS
Internet of Things, Wireless Network, Security, Privacy, Management & Interoperability
For More Details : http://aircconline.com/ijnsa/V8N2/8216ijnsa06.pdf
Volume Link : http://airccse.org/journal/jnsa16_current.html
3. REFERENCES
[1] M. Elkhodr, S. Shahrestani, and H. Cheung, "A Semantic Obfuscation Technique for the Internet of
Things," in IEEE International Conference on Communications (ICC), Sydney, Australia, 2014, pp. 448 -
453.
[2] L. Atzori, A. Iera, and G. Morabito, "The Internet of Things: A survey," Computer Networks, vol. 54,
pp. 2787-2805, 2010.
[3] H. y. D. o. C. Science, F. Eliassen, and J. Veijalainen, A functional approach to information system
interoperability, 1988.
[4] Wikipedia. Interoperability. Available: https://en.wikipedia.org/wiki/Interoperability
[5] "IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries,"IEEE
Std 610, pp. 1-217, 1991.
[6] H. van der Veer and A. Wiles, "Achieving technical interoperability," European Telecommunications
Standards Institute, 2008.
[7] (2011). Semantic interoperability of health information Available: http://www.en13606.org/the-
ceniso-en13606-standard/semantic-interoperability
[8] A. E. Andargoli, P. Bernus, and H. Kandjani, "Analysis of Interoperability in the Queensland Disaster
Management System," in ICEIS (3), 2013, pp. 310-317.
[9] (2015). Cross-Domain Interoperability. Available: https://www.ncoic.org/cross-
domaininteroperability
[10] J. Sarto. ZigBee VS 6LoWPAN for Sensor Networks. Available:
https://www.lsr.com/whitepapers/zigbee-vs-6lowpan-for-sensor-networks
[11] (10/07/2010). Available: http://www.hybus.net/lan_english/index.htm
[12] J. Groopman. (2014) Interoperability: The Biggest Challenge Facing Mass Consumerization of
Internet of Things. Altimeter. Available: http://www.altimetergroup.com/2014/02/interoperabilitythe-
challenge-facing-the-internet-of-things/
[13] S. Kumar, M. Bhardwaj, and A. Q. Bhat, "Study of Wireless Sensor Networks its Routing
Challenges and Available Sensor Nodes," in International Journal of Engineering Research and
Technology, 2013.
[14] C. H. Liu, B. Yang, and T. Liu, "Efficient naming, addressing and profile services in Internet-
ofThings sensory environments," Ad Hoc Networks, vol. 18, pp. 85-101, 7// 2014.
[15] Q. Zhu, R. Wang, Q. Chen, Y. Liu, and W. Qin, "Iot gateway: Bridgingwireless sensor networks into
internet of things," in 2010 IEEE/IFIP 8th International Conference on Embedded and Ubiquitous
Computing (EUC), 2010, pp. 347-352.
[16] R. R. Kujur and A. Dwivedi, "Exploration of Existing Frameworks for Connecting Wireless Sensor
Networks (WSNs) with Current Internet," International Journal of Computer Applications, vol. 86, 2014.
4. [17] M. Blackstock and R. Lea, "Toward interoperability in a web of things," in Proceedings of the 2013
ACM conference on Pervasive and ubiquitous computing adjunct publication, 2013, pp. 1565-1574.
[18] M. Welsh and G. Mainland, "Programming Sensor Networks Using Abstract Regions," in
NSDI,2004, pp. 3-3.
[19] Y.-K. Chen, "Challenges and opportunities of internet of things," in 2012 17th Asia and South
Pacific Design Automation Conference (ASP-DAC), 2012, pp. 383-388.
[20] C. C. Aggarwal, N. Ashish, and A. Sheth, "The internet of things: A survey from the data-centric
perspective," in Managing and mining sensor data, ed: Springer, 2013, pp. 383-428.
[21] N. A. Ali and M. Abu-Elkheir, "Data management for the internet of things: Green directions," in
Globecom Workshops (GC Wkshps), 2012, pp. 386-390.
[22] M. Chui, M. Löffler, and R. Roberts, "The internet of things," McKinsey Quarterly, vol. 2, pp. 1-
9,2010.
[23] L. Yang, S. Yang, and L. Plotnick, "How the internet of things technology enhances emergency
response operations," Technological Forecasting and Social Change, vol. 80, pp. 1854-1867,2013.
[24] M. Elkhodr, S. Shahrestani, and H. Cheung, "A Review of Mobile Location Privacy in the Internet of
Things," in 2012 Tenth International Conference on ICT and Knowledge Engineering, Bangkok,
Thailand, 2012, pp. 266-272.
[25] M. H. Behringer, "End-to-End Security," The Internet Protocol Journal, vol. 12, p. 20, 2009.
International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.2, March 2016
AUTHOR
Mahmoud Elkhodr is with the School of Computing, Engineering and
Mathematics at Western Sydney University (Western), Australia. He has been
awarded the International Postgraduate Research Scholarship (IPRS) and
Australian Postgraduate Award (APA) in 2012-2015. Mahmoud has been awarded
the High Achieving Graduate Award in 2011 as well. His research interests
include: Internet of Things, e-health, Human Computer-Interactions, Security and
Privacy.
Dr. Seyed Shahrestani completed his PhD degree in Electrical and Information
Engineering at the University of Sydney. He joined Western Sydney University
(Western) in 1999, where he is currently a Senior Lecturer. He is also the head of
the Networking, Security and Cloud Research (NSCR) group at Western. His
main teaching and research interests include: computer networking, management
and security of networked systems, analysis, control and management of complex
systems, artificial intelligence applications, and health ICT. He is also highly
active in higher degree research training supervision, with successful results.
Dr. Hon Cheung graduated from The University of Western Australia in 1984 with
First Class Honours in Electrical Engineering. He received his PhD degree from the
same university in 1988. He was a lecturer in the Department of Electronic
Engineering, Hong Kong Polytechnic from 1988 to 1990. From 1990 to 1999, he
was a lecturer in Computer Engineering at Edith Cowan University, Western
Australia. He has been a senior lecturer in Computing at Western Sydney University
since 2000. Dr Cheung has research experience in a number of areas, including
conventional methods in artificial intelligence, fuzzy sets, artificial neural networks, digital signal
processing, image processing, network security and forensics, and communications and networking. In
the area of teaching, Dr Cheung has experience in development and delivery of a relatively large number of
subjects in computer science, electrical and electronic engineering, computer engineering and networking.
Citation Count – 26
Wearable Technology Devices Security and Privacy Vulnerability Analysis
Ke Wan Ching and Manmeet Mahinderjit Singh
School of Computer Sciences, University Sains Malaysia, Penang, Malaysia
ABSTRACT
Wearable Technology, also called wearable gadget, is a category of technology devices with low
processing capabilities that can be worn by a user with the aim to provide information and ease of access
to the master devices it is pairing with. Such examples are Google Glass and Smart watch. The impact of
wearable technology becomes significant when people start their invention in wearable computing, where
their mobile devices become one of the computation sources. However, wearable technology is not
mature yet in terms of device security and privacy acceptance of the public. There exist some security
weaknesses that make such wearable devices vulnerable to attack. One of the critical attacks on wearable
technology is the authentication issue. The low processing due to the lower computing power of wearable devices
causes the developer's inability to equip some complicated security mechanisms and algorithms on the
device. In this study, an overview of security and privacy vulnerabilities on wearable devices is presented.
KEYWORDS
Wearable Technology; Wearable Devices; Google Glass; Smartwatch
For More Details : http://aircconline.com/ijnsa/V8N3/8316ijnsa02.pdf
Volume Link : http://airccse.org/journal/jnsa16_current.html
8. REFERENCES
[1] Tehrani, Kiana, and Andrew M. (26 Mar, 2014). Wearable Technology and Wearable Devices:
Everything You Need to Know. (cited 18 Sep, 2015). [Online] Available:
http://www.wearabledevices.com/what-is-a-wearable-device/
[2] Transparency Market Research. (05 Jun, 2014). Wearable Technology Market Research Report 2018.
(cited 21 Sep, 2015). [Online]Available: http://www.transparencymarketresearch.com/article/wearable-
technology-market.htm
[3] Viral M. (01 Apr, 2012). Wearable Computer. (cited 18 Sep, 2015). [Online] Available:
http://www.slideshare.net/fbviralmehta/wearable-computer-12242345
[4] PricewaterhouseCoopers B.V. 2014. Consumer intelligence series - The wearable future. (cited 19
Sep, 2015). [Online] Available: https://www.pwc.se/sv/media/assets/consumer-intelligence-series-
thewearable-future.pdf
[5] Al-Muhtadi, J., D. Mickunas, and R. Campbell. Wearable security services. in Distributed Computing
Systems Workshop, 2001 International Conference on. 2001.
[6] McAdams, E., et al. Wearable sensor systems: The challenges. in Engineering in Medicine and
Biology Society, EMBC, 2011 Annual International Conference of the IEEE. 2011.
[7] Pietro, R.D. and L.V. Mancini, Security and privacy issues of handheld and wearable wireless devices.
Commun. ACM, 2003. 46(9): p. 74-79.
[8] Uddin, M., et al., Wearable Sensing Framework for Human Activity Monitoring, in Proceedings of
the 2015 workshop on Wearable Systems and Applications. 2015, ACM: Florence, Italy. p. 21-26.
[9] Authentify. (2016). Out-of-Band Authentication. (Cited 28 Feb, 2016).
http://authentify.com/solutions/authentication-concepts/band-authentication/
[10] Ghoreishizadeh, S.S., et al. A lightweight cryptographic system for implantable biosensors. In
Biomedical Circuits and Systems Conference (BioCAS), 2014 IEEE. 2014. IEEE.
[11] Safavi, S. and Z. Shukur, Improving google glass security and privacy by changing the physical and
software structure. Life Science Journal, 2014. 11(5): p. 109-117.
[12] Geran S. (18 Apr, 2014). Is Google Glass a Security Risk? (cited 19 Oct, 2015).[Online] Available:
https://blog.bit9.com/2014/04/18/is-google-glass-a-security-risk/
[13] Daniel D. 2013. Privacy Implications of Google Glass. (cited 21 Oct, 2015).[Online] Available:
http://resources.infosecinstitute.com/privacy-implications-of-google-glass/
[14] Marc R. (17 Jul, 2013). Hacking the Internet of Things for Good. (cited 19 Oct,2015).[Online]
Available: https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/
[15] Candid W. (18 Jul, 2013). Google Glass Still Vulnerable to WiFi Hijacking Despite QR
Photobombing Patch. (cited 21 Oct, 2015).[Online] Available:
http://www.symantec.com/connect/blogs/google-glass-still-vulnerable-wifi-hijacking-despite-
qrphotobombing-patch
9. [16] [fitbit. (cited 21 Oct, 2015).[Online] Available: https://www.fitbit.com/my
[17] Michael S. (11 Jun, 2015). Internet of Things Security Evaluation of nine Fitness Trackers. (cited 21
Oct, 2015).[Online] Available: https://www.av-test.org/fileadmin/pdf/avtest_2015-
06_fitness_tracker_english.pdf
[18] Rahman, M., B. Carbunar, and M. Banik, Fit and vulnerable: Attacks and defenses for a health
monitoring device. arXiv preprint arXiv:1304.5672, 2013.
[19]J acob B. (03 Aug, 2015). Surveillance Society: Wearable fitness devices often carry security risks.
(cited 21 Oct, 2015).[Online] Available: http://www.post-
gazette.com/news/surveillancesociety/2015/08/03/Surveillance-Society-Wearable-fitness-devices-often-
carry-securityrisks/stories/201508030023
[20] Cyr, B., et al., Security Analysis of Wearable Fitness Devices (Fitbit). Massachusets Institute of
Technology, 2014.
[21] Carly P. (24 May, 2015). iPhone users' privacy at risk due to leaky Bluetooth technology. (cited 24
Oct, 2015).[Online] Available: http://www.v3.co.uk/v3-uk/news/2409939/iphone-users-privacy-atrisk-
due-to-leaky-bluetooth-technology
[22] Kristi R. (22 Jul, 2015). HP Study Reveals Smartwatches Vulnerable to Attack. (cited 4 Oct,
2015).[Online] Available: http://www8.hp.com/us/en/hp-
news/pressrelease.html?id=2037386#.Vi18G7crLIU
[23] Liviu A. (12 Sep, 2014). Bitdefender Research Exposes Security Risks of Android Wearable
Devices.(cited 24 Oct, 2015).[Online] Available:
http://www.darkreading.com/partnerperspectives/bitdefender/bitdefender-research-exposes-security-risks-
of-android-wearable-devices-/a/d-id/1318005
[24] Ryan G. (01 Oct, 2013). Accelerometer vs. Gyroscope: What's the Difference? (cited 23
Oct,2015).[Online] Available: http://www.livescience.com/40103-accelerometer-vs-gyroscope.html
[25] Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver. 2013. SENSORS
ON ANDROID PHONES. (cited 23 Oct, 2015).[Online] Available:
http://m4d.colfinder.org/sites/default/files/Slides/M4D_Week2_sensors.pdf
[26] Engineer’s Handbook. 2006. Mechanical Components - Sound Sensors. (cited 2
Oct,2015).[Online]Available:http://www.engineershandbook.com/Components/soundsensors.html
[27] Technavio. (21 Jul 2014). Exploring Five Challenges in the Wearable Technology Market. (cited 31
Oct, 2015). [Online] Available: http://www.technavio.com/blog/exploring-five-challenges-in-
thewearable-technology-market
[28] Julie F. (12 Nov, 2014). ISACA Survey: Most Consumers in Australia Aware of Major Data
Breaches, But Fewer Than Half Have Changed Key Shopping Behaviors. (cited 4 Oct, 2015).[Online]
Available: http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/ISACASurvey-
Most-Consumers-in-Australia-Aware-of-Major-Data-Breaches-But-Fewer-Than-Half-HaveChanged-
Shopping-Behaviors.aspx
10. [29] Nroseth. (27 Mar, 2015). Data Security in a Wearables World. (cited 4 Oct, 2015).[Online]
Available: http://www.swatsolutions.com/data-security-in-a-wearables-world/
[30] Vangie B. cloud. (cited 4 Oct, 2015).[Online] Available:
http://www.webopedia.com/TERM/C/cloud.html
[31] David E. Sanger and Nicole P. (14 Feb 2015). Bank Hackers Steal Millions via Malware. (cited 17
Oct, 2015).[Online] Available: http://www.nytimes.com/2015/02/15/world/bank-hackers-stealmillions-
via-malware.html?_r
[32] Michael C. Wearables security: Do enterprises need a separate WYOD policy? (cited 17 Oct,
2015).[Online] Available: http://searchsecurity.techtarget.com/answer/Wearables-security-Doenterprises-
need-a-separate-WYOD-policy
[33] Mellisa T. (May 30, 2013). 4 Security Challenges for Fitbit, Google Glass + Other Wearable
Devices.(cited 4 Oct, 2015).[Online] Available: http://siliconangle.com/blog/2013/05/30/4-
securitychallenges-for-fitbit-google-glass-other-wearable-devices/
[34] Kristi R. (22 Jul, 2015). HP Study Reveals Smartwatches Vulnerable to Attack. (cited 4 Oct,
2015).[Online] Available: http://www8.hp.com/us/en/hp-
news/pressrelease.html?id=2037386#.Vi18G7crLIU
[35] Eric Z. (14 May, 2015). Apple Watch, Android Wear Lack Theft Protection. (cited 17 Oct, 2015).
[Online] Available: http://www.informationweek.com/it-life/apple-watch-android-wear-lack-
theftprotection/a/d-id/1320430
[36]Apadmi. Apadmi’s Wearable Tech Study:Do Potential Customers Think Wearable Tech Poses a
Privacy Risk? (cited 20 Oct, 2015).[Online] Available: http://www.apadmi.com/wearable-
technologytrends/wearable-tech privacy/#WTP-2
[37] Motti, V. and K. Caine, Users’ Privacy Concerns About Wearables, in Financial Cryptography and
Data Security, M. Brenner, et al., Editors. 2015, Springer Berlin Heidelberg. p. 231-244.
[38] Charles A. (01 May, 2013). Google Glass security failings may threaten owner's privacy. (cited 20
Oct, 2015).[Online] Available: http://www.theguardian.com/technology/2013/may/01/google-
glasssecurity-privacy-risk
[39] Michalevsky, Y., D. Boneh, and G. Nakibly. Gyrophone: Recognizing speech from gyroscope
signals.in Proc. 23rd USENIX Security Symposium (SEC’14), USENIX Association. 2014.
[40] Lisa E. (09 Oct, 2014). A New Wave Of Gadgets Can Collect Your Personal Information Like Never
Before. (cited 22 Oct, 2015).[Online] Available: http://www.businessinsider.my/privacy-fitnesstrackers-
smartwatches-2014-10/#GDuZGvtShqZO79S5.97
[41] Raij, A., et al., Privacy risks emerging from the adoption of innocuous wearable sensors in the
mobile environment, in Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems. 2011, ACM: Vancouver, BC, Canada. p. 11-20.
[42] Mano.T. (2014). Wearables and Quantified Self Demand Security-First Design. (cited 18
Feb,2016).[Online] Available: http://www.wired.com/insights/2014/10/wearables-security-first-design/
Citation Count – 15
Big Data Security and Privacy Issues in the CLOUD
Ali Gholami and Erwin Laure
High Performance Computing and Visualization Department, KTH Royal Institute of Technology, Stockholm, Sweden
ABSTRACT
Many organizations demand efficient solutions to store and analyze huge amounts of information. Cloud
computing as an enabler provides scalable resources and significant economic benefits in the form of
reduced operational costs. This paradigm raises a broad range of security and privacy issues that must be
taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing
environments. This paper reviews the existing technologies and a wide array of both earlier and
state-of-the-art projects on cloud security and privacy. We categorize the existing research according to the
cloud reference architecture orchestration, resource control, physical resource, and cloud service
management layers, in addition to reviewing the recent developments for enhancing the Apache Hadoop
security as one of the most deployed big data infrastructures. We also outline the frontier research on
privacy-preserving data-intensive applications in cloud computing such as privacy threat modeling and
privacy enhancing solutions.
KEYWORDS
Cloud Security, Privacy, Trust, Big Data, Virtualization, Data Protection
For More Details : http://aircconline.com/ijnsa/V8N1/8116ijnsa04.pdf
Volume Link : http://airccse.org/journal/jnsa16_current.html
12. REFERENCES
[1] A. Szalay and J. Gray, “2020 Computing: Science in an exponential world,” Nature, vol. 440, pp.413–
414, Mar. 2006.
[2] E. U. Directive, “95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of
such Data,” Official Journal of the EC, vol. 23, 1995.
[3] U. States., “Health insurance portability and accountability act of 1996 [micro form]: conference
report (to accompany h.r. 3103).” http://nla.gov.au/nla.catvn4117366, 1996.
[4] “Hypervisors, virtualization, and the cloud: Learn about hypervisors, system virtualization, and how
it works in a cloud environment.” Retrieved June 2015.
[5] M. Portnoy, Virtualization Essentials. 1st ed., 2012.Alameda, CA, USA: SYBEX Inc.,
[6] P. Mell and T. Grance, “The NIST Definition of Cloud Computing,” tech. rep., July 2009.
[7] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, and D. Leaf, NIST Cloud Computing
Reference Architecture: Recommendations of the National Institute of Standards and Technology
(Special Publication 500-292). USA: CreateSpace Independent Publishing Platform, 2012.
[8] R. Dua, A. Raja, and D. Kakadia, “Virtualization vs containerization to support paas,” in Cloud
Engineering (IC2E), 2014 IEEE International Conference on, pp. 610–614, March 2014.
[9] S. Ghemawat, H. Gobioff and S.-T. Leung , "The Google File System" , SOSP , 2003.
[10] NIST Special Publication 500–291 version 2, NIST Cloud Computing Standards Roadmap, July
2013, Available at http://www.nist.gov/itl/cloud/publications.cfm.
[11] C. Lynch, “Big data: How do your data grow?,” Nature, vol. 455, pp. 28–29, Sept. 2008
[12] B. Russell, “Realizing Linux Containers (LXC).”
http://www.slideshare.net/BodenRussell/linuxcontainers-next-gen- virtualization-for-cloud-atl-summit-
ar4-3-copy. Retrieved October 2015.
[13] United Nations, “The Universal Declaration of Human Rights.”
http://www.un.org/en/documents/udhr/index.shtml, 1948. Retrieved August 2015.
[14] A. Westin, Privacy and Freedom. New Jork Atheneum, 1967.
[15] U. States., “Gramm-leach-bliley act.” http://www.gpo.gov/fdsys/pkg/PLAW106publ102/pdf/PLAW-
106publ102.pdf, November 1999.
[16] U. S. F. Law, “Right to financial https://epic.org/privacy/rfpa/, 1978. privacy act of 1978.”
[17] D. Bigo, G. Boulet, C. Bowden, S. Carrera, J. Jeandesboz, and A. Scherrer, “Fighting cyber crime
and protecting privacy in the cloud.” European Parliament, Policy Department C: Citizens’ Rights and
Constitutional Affairs, October 2012.
13. [18] S. Stalla-Bourdillon, “Liability exemptions wanted! internet intermediaries’ liability under uk law,”
Journal of International Commercial Law and Technology, vol. 7, no. 4, 2012.
[19] N. Mimura Gonzalez, M. Torrez Rojas, M. Maciel da Silva, F. Redigolo, T. Melo de Brito Carvalho,
C. Miers, M. Naslund, and A. Ahmed, “A framework for authentication and authorization credentials in
cloud computing,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2013
12th IEEE International Conference on, pp. 509–516, July 2013.
[20] R. Banyal, P. Jain, and V. Jain, “Multi-factor authentication framework for cloud computing,” in
Computational Intelligence, Modelling and Simulation (CIMSim), 2013 Fifth International Conference
on, pp. 105–110, Sept 2013.
[21] R. Lomotey and R. Deters, “Saas authentication middleware for mobile consumers of iaas cloud,” in
Services (SERVICES), 2013 IEEE Ninth World Congress on, pp. 448–455, June 2013.
[22] H. Kim and S. Timm, “X.509 authentication and authorization in fermi cloud,” in Utility and Cloud
Computing (UCC), 2014 IEEE/ACM 7th International Conference on, pp. 732–737, Dec 2014.
[23] B. Tang, R. Sandhu, and Q. Li, “Multi-tenancy authorization models for collaborative cloud
services,” in Collaboration Technologies and Systems (CTS), 2013 International Conference on, pp. 132–
138, May 2013.
[24] L. Zhou, V. Varadharajan, and M. Hitchens, “Integrating trust with cryptographic role-based access
control for secure cloud data storage,” in Trust, Security and Privacy in Computing and Communications
(TrustCom), 2013 12th IEEE International Conference on, pp. 560–569, July 2013.
[25] J. Sendor, Y. Lehmann, G. Serme, and A. Santana de Oliveira, “Platform level support for
authorization in cloud services with oauth 2,” in Proceedings of the 2014 IEEE International Conference
on Cloud Engineering, IC2E ’14, (Washington, DC, USA), pp. 458–465, IEEE Computer Society, 2014.
[26] M. A. Leandro, T. J. Nascimento, D. R. dos Santos, C. M. Westphall, and C. B. Westphall,
“Multitenancy authorization system with federated identity for cloud-based environments using
shibboleth,” in Proceedings of the 11th International Conference on Networks, ICN 2012, pp. 88–93,
2012.
[27] M. Stihler, A. Santin, A. Marcon, and J. Fraga, “Integral federated identity management for cloud
computing,” in New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on,
pp. 1–5, May 2012.
[28] Dove, E. S, Y. Joly, A.-M. Tassé, P. P. P. in Genomics, S. P. I. S. Committee, I. C. G. C. I. Ethics, P.
Committee, and B. M Knoppers, “Genomic cloud computing: legal and ethical points to
consider,”European Journal of Human Genetics, August 2014.
[29] E. Carlini, M. Coppola, P. Dazzi, L. Ricci, and G. Righetti, “Cloud federations in contrail,” in
EuroPar 2011: Parallel Processing Workshops, vol. 7155 of Lecture Notes in Computer Science, pp. 159–
168, Springer Berlin Heidelberg, 2012.
[30] W. Hummer, P. Gaubatz, M. Strembeck, U. Zdun, and S. Dustdar, “Enforcement of Entailment
Constraints in Distributed Service-Based Business Processes,” Information and Software Technology,
2013.
14. [31] J. Gouveia, P. Crocker, S. Melo De Sousa, and R. Azevedo, “E-id authentication and uniform access
to cloud storage service providers,” in Cloud Computing Technology and Science (CloudCom), 2013
IEEE 5th International Conference on, vol. 1, pp. 487–492, Dec 2013.
[32] G. Sipos, D. Scardaci, D. Wallom, and Y. Chen, “The user support programme and the training
infrastructure of the egi federated cloud,” in High Performance Computing Simulation (HPCS), 2015
International Conference on, pp. 9–18, July 2015.
[33] N. Santos, K. P. Gummadi, and R. Rodrigues, “Towards trusted cloud computing,” in Proceedings of
the 2009 Conference on Hot Topics in Cloud Computing, HotCloud’09, (Berkeley, CA, USA),USENIX
Association, 2009.
[34] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh, “Terra: A virtual machine-based
platform for trusted computing,” in Proceedings of the Nineteenth ACM Symposium on Operating
Systems Principles, SOSP ’03, (New York, NY, USA), pp. 193–206, ACM, 2003.
[35] R. A. Popa, J. R. Lorch, D. Molnar, H. J. Wang, and L. Zhuang, “Enabling security in cloud storage
slas with cloudproof,” in Proceedings of the 2011 USENIX Conference on USENIX Annual Technical
Conference, USENIX ATC’11, (Berkeley, CA, USA), pp. 31–31, USENIX Association,2011.
[36] S. Zhu and G. Gong, “Fuzzy authorization for cloud storage,” Cloud Computing, IEEE Transactions
on, vol. 2, pp. 422–435, Oct 2014.
[37] D. Perez-Botero, J. Szefer, and R. B. Lee, “Characterizing hypervisor vulnerabilities in cloud
computing servers,” in Proceedings of the 2013 International Workshop on Security in Cloud Computing,
Cloud Computing ’13, (New York, NY, USA), pp. 3–10, ACM, 2013.
[38] F. F. Brasser, M. Bucicoiu, and A.-R. Sadeghi, “Swap and play: Live updating hypervisors and its
application to xen,” in Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing
Security, CCSW ’14, (New York, NY, USA), pp. 33–44, ACM, 2014.
[39] C. Klein, A. Papadopoulos, M. Dellkrantz, J. Durango, M. Maggio, K.-E. Arzen, F.
HernandezRodriguez, and E. Elmroth, “Improving cloud service re silience using brownout-aware
loadbalancing,” in Reliable Distributed Systems (SRDS), 2014 IEEE 33rd International Symposium on,
pp. 31–40, Oct 2014.
[40] E. Lakew, L. Xu, F. Hernandez-Rodriguez, E. Elmroth, and C. Pahl, “A synchronization mechanism
for cloud accounting systems,” in Cloud and Autonomic Computing (ICCAC), 2014 International
Conference on, pp. 111–120, Sept 2014.
[41] M. Anand, “Cloud monitor: Monitoring applications in cloud,” in Cloud Computing in Emerging
Markets (CCEM), 2012 IEEE International Conference on, pp. 1–4, Oct 2012.
[42] A. Brinkmann, C. Fiehe, A. Litvina, I. Lück, L. Nagel, K. Narayanan, F. Ostermair, and
W.Thronicke, “Scalable monitoring system for clouds,” in Proceedings of the 2013 IEEE/ACM 6th
International Conference on Utility and Cloud Computing, UCC ’13, (Washington, DC, USA), pp.351–
356, IEEE Computer Society, 2013.
[43] J. Nikolai and Y. Wang, “Hypervisor-based cloud intrusion detection system,” in Computing,
Networking and Communications (ICNC), 2014 International Conference on, pp. 989–993, Feb 2014.
15. [44] C. Basescu, A. Carpen-Amarie, C. Leordeanu, A. Costan, and G. Antoniu, “Managing data access on
clouds: A generic framework for enforcing security policies,” in Advanced Information Networking and
Applications (AINA), 2011 IEEE International Conference on, pp. 459–466, March 2011.
[45] H. Takabi and J. Joshi, “Policy management as a service: An approach to manage policy
heterogeneity in cloud computing environment,” in System Science (HICSS), 2012 45th Hawaii
International Conference on, pp. 5500–5508, Jan 2012.
[46] K. W. Hamlen, L. Kagal, and M. Kantarcioglu, “Policy enforcement framework for cloud data
management.,” IEEE Data Eng. Bull., vol. 35, no. 4, pp. 39–45, 2012.
[47] S. Pearson, V. Tountopoulos, D. Catteddu, M. Sudholt, R. Molva, C. Reich, S. Fischer-Hubner, C.
Millard, V. Lotz, M. Jaatun, R. Leenes, C. Rong, and J. Lopez, “Accountability for cloud and other future
internet services,” in Cloud Computing Technology and Science (CloudCom), 2012 IEEE 4th
International Conference on, pp. 629–632, Dec 2012.
[48] S. Fischer-Hubner, J. Angulo, and T. Pulls, “How can cloud users be supported in deciding on,
tracking and controlling how their data are used?,” in Privacy and Identity Management for Emerging
Services and Technologies (M. Hansen, J.-H. Hoepman, R. Leenes, and D. Whitehouse, eds.), vol. 421 of
IFIP Advances in Information and Communication Technology, pp. 77–92, Springer Berlin Heidelberg,
2014.
[49] E. Ayday, J. Raisaro, U. Hengartner, A. Molyneaux, and J.-P. Hubaux, “Privacy-preserving
processing of raw genomic data,” in Data Privacy Management and Autonomous Spontaneous Security,
vol. 8247 of Lecture Notes in Computer Science, pp. 133147, Springer Berlin Heidelberg, 2014.
[50] E. Ayday, E. D. Cristofaro, J.-P. Hubaux and G. Tsudik "The chills and thrills of whole genome
sequencing", Computer, vol. 99, pp.1, 2013.
[51] Y. Huang and I. Goldberg, “Outsourced private information retrieval,” in Proceedings of the 12th
ACM Workshop on Workshop on Privacy in the Electronic Society, WPES ’13, (New York, NY,USA),
pp. 119–130, ACM, 2013.
[52] K. Lauter, A. Lopez-Alt, and M. Naehrig, “Private computation on encrypted genomic data,” Tech.
Rep. MSR-TR-2014-93, June 2014.
[53] M. Gostev, J. Fernandez-Banet, J. Rung, J. Dietrich, I. Prokopenko, S. Ripatti, M. I. McCarthy, A.
Brazma, and M. Krestyaninova, “SAIL - a software system for sample and phenotype availability across
biobanks and cohorts,” Bioinformatics, vol. 27, no. 4, pp. 589591, 2011.
[54] A. Gholami and E. Laure, “Advanced cloud privacy threat modeling,” The Fourth International
Conference on Software Engineering and Applications (SEAS-2015), to be published in Computer
Science Conference Proceedings in Computer Science and Information Technology (CS/IT) series.
[55] A. Gholami, J. Dowling, and E. Laure, “A security framework for population-scale genomics
analysis,” in High Performance Computing Simulation (HPCS), 2015 International Conference on,pp.
106–114, July 2015.
[56] A. Gholami, A.-S. Lind, J. Reichel, J.-E. Litton, A. Edlund, and E. Laure, “Privacy threat modeling
for emerging biobankclouds,” Procedia Computer Science, vol. 37, no. 0, pp. 489 – 496, 2014. The 5th
International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN2014)/The
16. 4th International Conference on Current and Future Trends of Information and Communication
Technologies in Healthcare (ICTH 2014)/ Affiliated Workshops.
[57] A. Gholami, E. Laure, P. Somogyi, O. Spjuth, S. Niazi, and J. Dowling, “Privacy-preservation for
publishing sample availability data with personal identifiers,” Journal of Medical and Bioengineering,
vol. 4, pp. 117–125, April 2014.
[58] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for data storage
security in cloud computing,” in Proceedings of the 29th Conference on Information Communications,
INFOCOM’10, (Piscataway, NJ, USA), pp. 525–533, IEEE Press, 2010.
[59] A. Cavoukian, The Security-Privacy Paradox: Issues, misconceptions, and Strategies.
https://www.ipc.on.ca/images/Resources/sec-priv.pdf, Retrieved November 2015.
[60] A. Gholami, G. Svensson, E. Laure, M. Eickhoff, and G. Brasche, “Scabia: Scalable Brain Image
Analysis in the Cloud,” in CLOSER 2013 - Proceedings of the 3rd International Conference on Cloud
Computing and Services Science, Aachen, Germany, 8-10 May, 2013, pp. 329–336, 2013.
[61] S. Sharma, “Evolution of as-a-service era in cloud,” CoRR, vol. abs/1507.00939, 2015.
[62] S. Sharma, U. S. Tim, J. Wong, S. Gadia, “Proliferating Cloud Density through Big Data Ecosystem,
Novel XCLOUDX Classification and Emergence of as-a-Service Era,” 2015
[63] S. Sharma, U. S. Tim, J. Wong, S. Gadia, S. Sharma, “A Brief Review on Leading Big Data
Models,” Data Science Journal, 13(0), 138-157. 2014.
[64] S. Sharma, U. S. Tim, J. Wong, S. Gadia, R. Shandilya, S. K. Peddoju, “Classification and
comparison of NoSQL big data models,” International Journal of Big Data Intelligence (IJBDI), Vol.2,
No. 3, 2015.
[65] S. Sharma, R. Shandilya, S. Patnaik, A. Mahapatra, “Leading NoSQL models for handling Big Data:
a brief review,” International Journal of Business Information Systems, Inderscience, 2015.
[66] A. Gholami, J. Dowling, L. Dimitrova, and R. M. Martinez, “Security Toolset Implementation (alpha
version) of the Scalable, Secure Storage BiobankCloud.” Deliverable D3.3, Submitted to the European
Commission, 2015.
[67] Cloud Security Alliance (CSA), “Security Guidance for Critical Areas of Focus in Cloud
Computing” version 3, 2011. Available at: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
[68] Cloud Security Alliance (CSA), “The Notorious Nine: Cloud Computing Top Threats in 2013”.
Available at: https://cloudsecurityalliance.org.
[69] S. Pearson, “Privacy, security and trust in cloud computing,” in Privacy and Security for Cloud
Computing, Computer Communications and Networks, pp. 3–42, Springer London, 2013.
[70] S. Rusitschka and A. Ramirez, “Big Data Technologies and Infrastructures.”
http://byteproject.eu/research/, Deliverable D1.4, Version 1.1, Sept. 2014.
[71] Telecommunications Act of 1996, No. 104-104, 110 Stat. 56, 1996. Available at:
http://transition.fcc.gov/Reports/tcom1996.pdf.
17. [72] NIST Special Publication 15001–291 version 1, Definitions and Taxonomies Subgroup, September
2015, Available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1500-1.pdf.
[73] Hadoop Security Model, http://www.infoq.com/articles/HadoopSecurityModel, Retrieved February
2015.
[74] G. Dreo, M. Golling, W. Hommel, and F. Tietze, “Iceman: An architecture for secure federated inter-
cloud identity management,” in Integrated Network Management (IM 2013), 2013 IFIP/IEEE
International Symposium on,pp. 1207–1210, May 2013.
[75] Project Rhino, https://github.com/intel-hadoop/project-rhino, Retrieved June2014.
[76] Apache Knox, https://knox.apache.org/, Retrieved February 2015.
[77] Apache Ranger, http://ranger.incubator.apache.org/, Retrieved February 2015.
[78] Apache Sentry, https://blogs.apache.org/sentry/entry/getting_started, Retrieved February 2015.
[79] Y. Xianqing, P. Ning, and M. Vouk, “Enhancing security of hadoop in a public cloud,” in
Information and Communication Systems (ICICS), 2015 6th International Conference on, pp. 38–43,
April 2015.
[80] E. Bertino, “Big data - security and privacy,” in 2015 IEEE International Congress on Big Data, New
York City, NY, USA, June 27 - July 2, 2015, pp. 757–761, 2015.
[81] Devaraj Das, Owen O'Malley,Sanjay Radia, Kan Zhang, Adding Security to Apache Hadoop
http://hortonworks.com/wp-content/uploads/2011/10/security-design_withCover-1.pdf.
AUTHORS
Ali Gholami is a PhD student at the KTH Royal Institute of Technology. His research
interests include the use of data structures and algorithms to build adaptive data
management systems. Another area of his research focuses on the security concerns
associated with cloud computing. He is currently exploring strong and usable security
factors to enable researchers to process sensitive data in the cloud.
Professor Erwin Laure is Director of the PDC - Center for High Performance
Computing Center at KTH, Stockholm. He is the Coordinator of the EC-funded
"EPiGRAM" and "ExaFLOW" projects as well as of the HPC Centre of Excellence for
Bio-molecular Research "BioExcel" and actively involved in major e-infrastructure
projects (EGI, PRACE, EUDAT) as well as exascale computing projects. His research
interests include programming environments, languages, compilers and runtime systems
for parallel and distributed computing, with a focus on exascale computing.
18. Citation Count – 09
An Intelligent Classification Model for Phishing Email Detection
Adwan Yasin and Abdelmunem Abuhasan
College of Engineering and Information Technology, Arab American University, Palestine
ABSTRACT
Phishing attacks are one of the trending cyber-attacks that apply socially engineered messages that are
communicated to people from professional hackers aiming at fooling users into revealing their sensitive
information; the most popular communication channel for those messages is users’ emails. This
paper presents an intelligent classification model for detecting phishing emails using knowledge
discovery, data mining and text processing techniques. This paper introduces the concept of phishing
terms weighting which evaluates the weight of phishing terms in each email. The pre-processing phase is
enhanced by applying text stemming and WordNet ontology to enrich the model with word synonyms.
The model applied the knowledge discovery procedures using five popular classification algorithms and
achieved a notable enhancement in classification accuracy; 99.1% accuracy was achieved using the
Random Forest algorithm and 98.4% using J48, which is, to our knowledge, the highest accuracy rate for
an accredited data set. This paper also presents a comparative study with similar proposed classification
techniques.
KEYWORDS
phishing, data mining, email classification, Random Forest, J48.
For More Details : http://aircconline.com/ijnsa/V8N4/8416ijnsa05.pdf
Volume Link : http://airccse.org/journal/jnsa16_current.html
19. REFERENCES
[1] X. Dong, J. Clark, and J. Jacob, “Modelling user-phishing interaction”, in Human System Interactions,
2008 Conference on, may 2008, pp. 627–632.
[2] Phishing Activity Trends Report, http://docs.apwg.org/reports/apwg_trends_report_q1-q3_2015.pdf,
Accessed June 2016.
[3] https://security.googleblog.com/2014/11/behind-enemy-lines-in-our-war-against.html , Accessed June
2016.
[4] Limited Dictionary Builder: An Approach to Select Representative Tokens for Malicious URLs
Detection, IEEE ICC 2015 - Communication and Information Systems Security Symposium.
[5] Sukhjeel Kaui and Amrit Kaur, “Detecting of phishing web pages using weights computed through
Genetic Algorithm”, IEEE 3rd International Conference on MOOCs, Innovation and Technology in
Education (MITE), 2015.
[6] Lv Fang, Wang Bailing, Huang Junheng, Sun Yushan, Wei Yuliang, “A Proactive Discovery and
Filtering Solution on Phishing Websites”, IEEE International Conference on Big Data (Big Data),2015.
[7] Binay Kumar, Pankaj Kumar, Ankit Mundra, Shikha Kabra, “DC Scanner: Detecting Phishing
Attack”, IEEE Third International Conference on Image Information Processing, 2015.
[8] Sami Smadi, Nauman Aslam, Li Zhang, Rafe Alasem, M A Hossain, “Detection of Phishing Emails
using Data Mining Algorithms”, 9th International Conference on Software, Knowledge, Information
Management and Applications (SKIMA), 2015.
[9] Zheng Dong, Apu Kapadia, Jim Blythe, L. Jean Camp, “Beyond the Lock Icon: Real-time Detection
of Phishing Websites Using Public Key Certificates”, APWG Symposium on Electronic Crime Research
(eCrime), 2015.
[10] S. Chiasson, E. Stobert, A. Forget, R. Biddle, and P. C. van Oorschot, “Persuasive cued click-points:
Design, implementation, and evaluation of a knowledge-based authentication mechanism,” IEEE Trans.
on Dependable and Secure Computing, vol. 9, no. 2, pp. 222–235, 2012.
[11] R. Biddle, S. Chiasson, and P. C. van Oorschot, “Graphical Passwords: Learning from the First
Twelve Years,” ACM Computing Surveys, vol. 44, no. 4, 2012.
[12] R. Jhawar, P. Inglesant, N. Courtois, and M. A. Sasse, “Make mine a quadruple: Strengthening the
security of graphical one-time pin authentication,” in Proc. NSS 2011, pp. 81–88.
[13] RSA, “RSA SecurID Two-factor
Authentication,”2011,www.rsa.com/products/securid/sb/10695_SIDTFA_SB_0210.pdf. , Accessed June
2016.
[14] Cronto, www.cronto.com/. Accessed June 2016.
[15] E. Gal´an and J.C. Hern andez Castro and A. Alcaide and A. Ribagorda, “A Strong Authentication
Protocol based on Portable One–Time Dynamic URLs”, IEEE/WIC/ACM International Conference on
Web Intelligence and Intelligent Agent Technology. 2010.
20. [16] Mengjun Xie, Yanyan Li, Kenji Yoshigoe, Remzi Seker, Jiang Bian, “CamAuth: Securing Web
Authentication with Camera”, IEEE 16th International Symposium on High Assurance Systems
Engineering, 2015.
[17] http://www.google.com/landing/2step/. Accessed June 2016.
[18] A. Czeskis, M. Dietz, T. Kohno, D. Wallach, and D. Balfanz, “Strengthening user authentication
through opportunistic cryptographic identity assertions,” in Proceedings of the 2012 ACM conference
on Computer and communications security, ser. CCS ’12, 2012, pp. 404–414.
[19] Ben Dodson, Debangsu Sengupta, Dan Boneh, and Monica S. Lam, “Secure, Consumer-Friendly
Web Authentication and Payments with a Phone”.
http://mobisocial.stanford.edu/papers/mobicase10s.pdf,Accessed June 2016.
[20] Rachna Dhamija, J. D. Tygar, Marti Hearst, “Why Phishing Works”, CHI-2006: Conference on
Human Factors in Computing Systems, 2006.
[21] Julie S. Downs, Mandy B. Holbrook, Lorrie Faith Cranor, “Decision Strategies and Susceptibility to
Phishing”, Symposium On Usable Privacy and Security (SOUPS), July 12-14, 2006, Pittsburgh, PA, USA
[22] F. Toolan and J. Carthy, “Phishing detection using classifier ensembles,” in eCrime Researchers
Summit, 2009. eCRIME’09. IEEE, 2009, pp.1–9.
[23] Mayank Pandey and Vadlamani Ravi, “Detecting phishing e-mails using Text and Data mining”,
IEEE International Conference on Computational Intelligence and Computing Research 2012.
[24] Sunil B. Rathod, Tareek M. Pattewar, “Content Based Spam Detection in Email using Bayesian
Classifier”, IEEE ICCSP conference, 2015.
[25] Lew May Form, Kang Leng Chiew, San Nah Szeand Wei King Tiong, “Phishing Email Detection
Technique by using Hybrid Features”, IT in Asia (CITA), 9th International Conference, 2015.
[26] Tareek M. Pattewar, Sunil B. Rathod, “A Comparative Performance Evaluation of Content Based
Spam and Malicious URL Detection in E-mail”, IEEE International Conference on Computer Graphics,
Vision and Information Security (CGVIS), 2015.
[27] Prajakta Ozarkar, & Dr. Manasi Patwardhan,” Efficient Spam Classification by Appropriate Feature
Selection”, International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6375(Online) Volume 4, Issue 3, May – June (2013).
[28] Gaurav Kumar Tak1 and Gaurav Ojha2, “MULTI-LEVEL PARSING BASED APPROACH
AGAINST PHISHING ATTACKS WITH THE HELP OF KNOWLEDGE BASES”, International
Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
[29] Usama Fayyad, Gregory Piatetsky Shapiro and Padhraic Smyth “Knowledge Discovery and Data
Mining: Towards a Unifying Framework”, KDD-96 Proceedings, 1996.
[30] J.Mason,“The apache spamassassin public corpus,”
2005,http://spamassassin.apache.org/publiccorpus/. Accessed June 2016.
[31] J. Nazario, “Phishing Corpus”, https://monkey.org/~jose/phishing/ , Accessed June 2016.
21. [32] Pal, N.R., Jain, L.C., (Eds.), “Advanced Techniques in Knowledge Discovery and Data Mining”,
Springer Verlag,2005.
[33] Porter, M.F. (1980), “An algorithm for suffix stripping”, Program, Vol. 14 No.3, pp. 130-137.
[34] George A. Miller (1995). WordNet: A Lexical Database for English. Communications of the ACM
Vol. 38, No. 11: 39-41.
[35] ark Hall, Eibe Frank, Geoffrey Holmes, Bernhard Pfahringer, Peter Reutemann, Ian H. Witten
(2009);The WEKA Data Mining Software: An Update; SIGKDD Explorations, Volume 11, Issue 1.
[36] M. Khonji, Y. Iraqi, and A. Jones, “Enhancing phishing e-mail classifiers: A lexical url analysis
approach,” International Journal for Information Security Research (IJISR), vol. 2, no. 1/2, 2012.
[37] W. N. Gansterer and D. P¨olz, “E-mail classification for phishing defence”, in Advances in
Information Retrieval. Springer, 2009, pp. 449–460.
[38] M. Chandrasekaran, K. Narayanan, and S. Upadhyaya, “Phishing email detection based on structural
properties,” in NYS Cyber Security Conference, 2006, pp. 1–7.
[39] L. Ma, B. Ofoghi, P. Watters, and S. Brown, “Detecting phishing emails using hybrid features,” in
Ubiquitous, Autonomic and Trusted Computing, 2009. UIC-ATC’09. Symposia and Workshops on.
IEEE, 2009, pp. 493–497.
[40] I. R. A. Hamid and J. Abawajy, “Hybrid feature selection for phishing email detection,” in
Algorithms and Architectures for Parallel Processing. Springer, 2011, pp. 266–275.
AUTHORS
Adwan Yasin is an Associate Professor and former Dean of the Faculty of Engineering and
Information Technology of the Arab American University of Jenin, Palestine. Previously
he worked at Philadelphia and Zarka Private University, Jordan. He received his PhD
degree from the National Technical University of Ukraine in 1996. His research interests
include Computer Networks, Computer Architecture, Cryptography and Networks
Security.
Abdelmunem Abuhasan is a Master's student at the Arab American University with
particular interests in computer security, web security and software engineering. He has
worked for ten years as the manager of the software development department at the Arab
American University. He holds a B.A. in Computer Science from the Arab American
University.
22. Citation Count – 06
A Benchmark for Designing Usable and Secure Text-Based Captchas
Suliman A. Alsuhibany
Computer Science Department, College of Computer, Qassim University, Buridah, Saudi Arabia
ABSTRACT
An automated public Turing test to distinguish between computers and humans, known as CAPTCHA, is a
widely used technique on many websites to protect their online services from malicious users. Two
fundamental aspects of captcha considered in various studies in the literature are robustness and usability.
A widely accepted standard benchmark to guide text-based captcha developers is not yet available.
So this paper proposes a benchmark for designing usable-secure text-based captchas based on a
community driven evaluation of the usability and security aspects. Based on this benchmark, we develop
four new text-based captcha schemes, and conduct two separate experiments to evaluate both the security
and usability perspectives of the developed schemes. The result of this evaluation indicates that the
proposed benchmark provides a basis for designing usable-secure text-based captchas.
KEYWORDS
Text-Based CAPTCHA, security, usability, benchmark
For More Details : http://aircconline.com/ijnsa/V8N4/8416ijnsa04.pdf
Volume Link : http://airccse.org/journal/jnsa16_current.html
23. REFERENCES
[1] Von Ahn, L., Blum, M. and Langford, J., 2004. Telling humans and computers apart
automatically.Communications of the ACM, 47(2), pp.56-60.
[2] ur Rizwan, R., 2012. Survey on captcha systems.Journal of Global Research in Computer
Science,3(6), pp.54-58.
[3] Roshanbin, N. and Miller, J., 2013. A survey and analysis of current CAPTCHA approaches. Journal
of Web Engineering, 12(1-2), pp.1-40.
[4] Chellapilla, K., Larson, K., Simard, P. and Czerwinski, M., 2005, April. Designing human friendly
human interaction proofs (HIPs). InProceedings of the SIGCHI conference on Human factors in
computing systems (pp. 711-720). ACM.
[5] Yan, J. and El Ahmad, A.S., 2008, July. Usability of CAPTCHAs or usability issues in CAPTCHA
design. In Proceedings of the 4th symposium on Usable privacy and security (pp. 44-52). ACM.
[6] Yan, J. and El Ahmad, A.S., 2008, October. A Low-cost Attack on a Microsoft CAPTCHA.
InProceedings of the 15th ACM conference on Computer and communications security (pp. 543-554).
ACM.
[7] Huang, S.Y., Lee, Y.K., Bell, G. and Ou, Z.H., 2010. An efficient segmentation algorithm for
CAPTCHAs with line cluttering and character warping. Multimedia Tools and Applications,
48(2),pp.267-289.
[8] El Ahmad, A.S., Yan, J. and Marshall, L., 2010, April. The robustness of a new CAPTCHA.
InProceedings of the Third European Workshop on System Security (pp. 36-41). ACM.
[9] Bursztein, E., Martin, M. and Mitchell, J., 2011, October. Text-based CAPTCHA strengths and
weaknesses. In Proceedings of the 18th ACM conference on Computer and communications security (pp.
125-138). ACM.
[10] Mori, G. and Malik, J., 2003, June. Recognizing objects in adversarial clutter: Breaking a visual
CAPTCHA. In Computer Vision and Pattern Recognition, 2003. Proceedings. 2003 IEEE Computer
Society Conference on (Vol. 1, pp. I-134). IEEE.
[11] Alsuhibany, S.A., 2011, August. Optimising Captcha Generation. In Availability, Reliability and
Security (ARES), 2011 Sixth International Conference on (pp. 740-745). IEEE.
[12] Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C. and Jurafsky, D., 2010, May. How Good Are
Humans at Solving CAPTCHAs? A Large Scale Evaluation. In IEEE Symposium on Security and
Privacy (pp. 399-413).
[13] Bursztein, E., Moscicki, A., Fabry, C., Bethard, S., Mitchell, J.C. and Jurafsky, D., 2014, April. Easy
does it: more usable CAPTCHAs. InProceedings of the 32nd annual ACM conference on Human factors
in computing systems (pp. 2637-2646). ACM.
[14] Kluever, K.A. and Zanibbi, R., 2009, July. Balancing usability and security in a video CAPTCHA. In
Proceedings of the 5th Symposium on Usable Privacy and Security (p. 14). ACM.
24. [15] Xu, Y., Reynaga, G., Chiasson, S., Frahm, J.M., Monrose, F. and Van Oorschot, P., 2012. Security
and usability challenges of moving-object CAPTCHAs: decoding codewords in motion. InPresented as
part of the 21st USENIX Security Symposium (USENIX Security 12) (pp. 49-64).
[16] Nielsen, J., 2003. Usability 101: Introduction to usability.
[17] Wilkins, J., 2009. Strong captcha guidelines v1. 2.Retrieved Nov, 10(2010), p.8.
[18] Yan, J. and El Ahmad, A.S., 2007, December. Breaking visual captchas with naive pattern
recognition algorithms. In Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-
Third Annual (pp. 279-291). IEEE.
[19] Bursztein, E., Aigrain, J., Moscicki, A. and Mitchell, J.C., 2014. The end is nigh: generic solving of
text-based CAPTCHAs. In 8th USENIX Workshop on Offensive Technologies (WOOT 14).
[20] Gao, H., Yan, J., Cao, F., Zhang, Z., Lei, L., Tang, M., Zhang, P., Zhou, X., Wang, X. and Li, J.,
2016. A Simple Generic Attack on Text Captchas. InProc. Network and Distributed System Security
Symposium (NDSS). San Diego, USA.
AUTHORS
Suliman Alsuhibany, PhD, is an assistant professor in the Computer Science department
and the head of the department at Qassim University, Saudi Arabia. He received his PhD
in information security from Newcastle University, UK, and MSc in computer security
and resilience from Newcastle University, UK.